CVE-2023-30607

Published: Jul 5, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.

Affected (1)

Products: Icinga: Icinga Web Jira Integration

1 product

Icinga Web Jira Integration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Icinga Icinga Web Jira Integration	From 1.3.0 to 1.3.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://github.com/Icinga/icingaweb2-module-jira/commit/7f0c53b7a3e87be2f4c2e8840805d7b7c9762424

Source: security-advisories@github.com

Patch

https://github.com/Icinga/icingaweb2-module-jira/releases/tag/v1.3.2

Source: security-advisories@github.com

Release Notes

https://github.com/Icinga/icingaweb2-module-jira/security/advisories/GHSA-gh7w-7f7j-gwp5

Source: security-advisories@github.com

Vendor Advisory

https://github.com/Icinga/icingaweb2-module-jira/commit/7f0c53b7a3e87be2f4c2e8840805d7b7c9762424

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/Icinga/icingaweb2-module-jira/releases/tag/v1.3.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/Icinga/icingaweb2-module-jira/security/advisories/GHSA-gh7w-7f7j-gwp5

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.